Password format

When creating a user, you can specify how the password is stored in the database. You can choose between the following values of the MembershipPasswordFormat:

  • Clear (0)
  • Hashed (1)
  • Encrypted (2)

For more information about each value, read here.

Default password format

When creating a user, the default password format value of the provider is assigned to the user object. To modify the default value of the provider, you must perform the following:

  1. Log in to the Sitefinity CMS backend.
  2. From the menu, click Administration » Settings.
  3. Click Advanced Settings.
  4. In the tree view, navigate to Security » Membership providers.
  5. Click the provider that you want to modify.
  6. Navigate to Parameters » passwordFormat.
  7. Enter one of the MembershipPasswordFormat values as a string.
  8. Click the Save changes button.

Changing password format

When changing the password format for a specific user, you must force the password of the user to be re-encoded. To do this, you must call the ChangePassword method of the Telerik.Sitefinity.Security.UserManager object.

To specify the password format, you use the PasswordFormat property of the Telerik.Sitefinity.Security.Model.User object. It is of type int and you must use the integer representations of the MembershipPasswordFormat enumeration. For example:

For more information, see the For developers: Change the password of a user example.

Salt

Sitefinity CMS membership uses Salt for additional security, when encoding the passwords. For more information about what Salt is, read here.

When creating a user, a Salt value is automatically assigned to the user object. You can access and change this value through the Salt property of the Telerik.Sitefinity.Security.Model.User object. To generate a new Salt for the users, use the GetRandomKey method of the Telerik.Sitefinity.Security.SecurityManager object and pass the desired length. Here is an example:

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?